The eduroam Configuration Assistant Tool (CAT) is the simplest way to configure eduroam on all of your devices. eduroam CAT provides automatic wireless profile installers for most of the commonly used mobile device platforms including Windows, OS X, Apple iOS, Android, and most Linux distributions. The installers generated by CAT are digitally signed and ensure your device will only connect to genuine eduroam networks and authenticate with only the official LAWN authentication servers.

To get started using eduroam CAT:

Remove all other GT Wireless network profiles including previous profiles for eduroam, GTwifi, GTother, and GTvisitor (see the Troubleshooting Guides for more info).

Select the Georgia Institute of Technology-Main Campus as your institution.

The CAT website will automatically suggest the correct installer for your device. Click the button to download.

Run the downloaded installer, and follow the prompts to connect to eduroam.

About eduroam

eduroam is a secure world-wide roaming authentication service which allows users from participating members of the research and education community to connect to WiFi networks when visiting eduroam community member locations. eduroam allows GT users to access Wi-Fi when traveling and visitors from institutions participating in eduroam to login to LAWN without the need for guest sponsorships or visitor passes.

Note that when using eduroam off campus, the authentication component provided by Georgia Tech is only used to obtain network access; each eduroam Institution supports and manages the underlying wireless equipment, networks, and their policies. If you have issues connecting while visiting a remote location, you should contact local support for assistance, which can be found through THIS LINK by entering the name of the organization.

There are a few things to be aware of when using eduroam:

If you are hosting an event. Please have a backup (GTvisitor or sponsored guest accounts) in place in the event eduroam users are not able to authenticate or users do not have an eduroam capable account.

Machine authentications to Georgia Tech AD servers is only supported on the eduroam SSID if the <GT Account>@gatech.edu (GT example: gpburdell33@gatech.edu) form of the userid is used for authentication to GTAD.

eduroam users visiting the campus are placed on a different network and will not have the same access to the GT network as as GT users. Note that if you are a GT user and use a login from another institution, you will not have access to the same resources that you would using your GT login credentials for eduroam.

Manual Configuration Examples

The eduroam SSID is available throughout the Atlanta campus and uses the same security and infrastruture as GTwifi, which will be retired in the summer of 2018. Here is the basic information for connecting to the eduroam SSID:

Forget or delete your GTwifi, GTother, and GTvisitor wireless configurations - only one GT network should be configured on any device at any one time. Refer to the troubleshooting guides below for help removing old wireless profiles.

When connecting, your device will prompt you to trust the "lawn.gatech.edu" server certificate. Optionally, as an added security measure, if you'd like to verify the certificate before trusting it, you may verify that the SHA-1 and SHA-256 fingerprints exactly match the values below:

Below are troubleshooting guides which may help to fix some connection and configuration issues. If you still have limited success after reviewing these guides or are uncomfortable taking these steps, please visit the OIT Technology Support Center.

I'm here at the University of Mississippi and the Eduroam authentication described above certainly did not work for me today. All in all, a very frustrating day, since the University of Mississippi does not have the GaTech equivalent of "sponsored accounts". Tom Trotter, School of Mathematics

John M. Douglass

Posted:November 16, 2015, 9:58 am

Mr. Trotter, I saw a number of successful authentications from your account on the 14th using the EduRoam services. Georgia Tech's authentication services were functioning and returning that you passed authentication. Did you contact the technical support for their wireless services? We have seen cases where authentication was successful, but local network issues prevented network access.

Karen Judy Head

Posted:February 12, 2018, 10:58 am

I've had success logging on in Germany, but I was at Notre Dame this weekend, and when I tried to log in the system kept saying that my credentials were not accepted. As soon as I returned to GT, everything automatically connected again.

John M. Douglass

Posted:February 12, 2018, 4:09 pm

ModifiedFebruary 12, 2018, 4:10 pm

Karen, I created a support request (you can contact support@oit.gatech.edu or 404-894-7173 in the future) for you. I did see a number of successful authentications coming from Notre Dame so the GT systems were responding correctly. When traveling and using "eduroam" please remember that the underlying network at any participating campus are managed by that campus and should be your first contact when having issues with Eduroam.

Rebecca Elizabeth Grinter

Posted:April 18, 2018, 2:59 pm

Just looking at the troubleshooting instructions for IOS, and it implies that you want to forget the network eduroam. Surely its GTwifi that should be deleted (there doesn't seem to be a parity between those instructions and the ones for the Mac OS where it is GTwifi that's deleted).

jsmith457

Posted:April 18, 2018, 3:17 pm

Rebecca, when removing old wireless profiles you really want to remove any and all GT networks (eduroam, gtwifi, gtvisitor, etc.) as only one network should be configured at a time, so eduroam and GTwifi are really interchangeable as the process is the same. I just added the troubleshooting guide for iOS yesterday while the other ones were written last year, so that's why they're not consistent. In the future when GTwifi no longer exists, all of the guides will probably be updated to show eduroam being removed instead of GTwifi.

Jerry B. Ray Jr.

Posted:April 18, 2018, 5:38 pm

In the GTRI space on 14th St. (I'm on the 4th floor of 260 14th St., particularly), we can't currently see the eduroam network (but we do see GTwifi). Will eduroam coverage be available in this area before GTwifi is decomissioned?

bhrolenok3

Posted:April 19, 2018, 7:02 pm

Can I ask why the configuration examples for android you link to specifically say to select "Do Not Validate" for the certificate option? Since eduroam is a shared SSID across multiple institutions, how can we be sure we're not connecting to a maliciously configured router? Setting the option to "Use system certificates" and setting the domain to "gatech.edu" seems to work fine, wouldn't this be preferable to trusting any certificate without validation?

alucius6

Posted:April 23, 2018, 9:49 pm

I would also like to protest the Android configuration instructions. Not validating the certificate is not a safe option. We found that using the "use system certificates" setting with the domain "lawn.gatech.edu" seems to work, but "gatech.edu" does not work for me.

The flaw with this method, of course, is that the connection will not work at other institutions without changing the domain settings to whatever is appropriate there. However, this is not a good reason to dismiss proper security practices. I shall be submitting a ticket on this matter.

alucius6

Posted:April 24, 2018, 1:57 pm

The instructions for Linux are flawed in the same way, since they include bypassing the CA certificate check. The instructions for Windows, Mac, and iOS are better due to the fact that these OSes handle the situation by offering to display the certificate to the user so that its authenticity can be verified. However, it would be better if the instructions were updated with information on how to verify that it is the correct certificate.

jsmith457

Posted:April 27, 2018, 8:22 am

@bhrolenok3 and @alucius6 - Yes, blindly accepting the RADIUS server certificate is not a very secure practice as this could allow a device to connect to a “rogue” eduroam network. However, we changed the configuration examples to reflect this because we were having trouble with certain Android devices and Linux NetworkManager validating the LAWN RADIUS server certificate. Since these devices just silently fail to connect if they aren’t able to validate the certificate, we found it was better just to advise less technically-savvy people to not validate the certificate. However, the security points the both of you have made are still valid. I have added a section to the Security page that discusses how authentications to eduroam/GTwifi are secured with TLS, and how you can manually verify the validity of the RADIUS server certificate presented by checking the SHA-1 and SHA-256 fingerprints to make sure they match. Also, the LAWN team has just added support for the eduroam Configuration Assistant Tool (CAT) which will mitigate this issue as it contains a copy of the correct certificate and will make sure devices are only joining the correct network. I have added some generic info about the CAT tool above, on this page. I will be adding some device specific documentation later on. The CAT tool has worked well for me on the Android devices I’ve tested, so this will probably be our recommended method for configuring most devices going forward as it’s both simple and secure.

gth847y

Posted:April 28, 2018, 2:06 pm

Hello,

I am a remote student who has had success in the past logging into EduRoam on the University of Washington-Seattle/Main campus. Today, I'm unable to connect. I have completed the troubleshooting steps (forgetting the network, checking my wireless adapter's IP/DNS settings, and resetting from the command line followed by a restart) to no avail. I frequently do schoolwork from UW, so it's important that I can use eduroam here. Do you see my authentication attempts?

ejones33

Posted:June 28, 2018, 1:12 pm

Another GTRI employee, but on 10th St. in Centennial Research Building. I can not see any eduroam network. I have manually configured the network but am concerned that we will lose access upon decommissioning of GTwifi.

aharper8

Posted:August 16, 2018, 11:03 am

I have tried using both manual setup and the automatic installer script on my Linux machine and neither works. It keeps asking me for my credentials. Please advise!

Alicia Ann Richhart

Posted:September 17, 2018, 10:29 am

I am hosting a guest account at Georgia Tech and they are unable to access gmail.com. Is this an eduroam security feature?

jsmith457

Posted:September 17, 2018, 12:26 pm

Alicia,

There aren't any website blocks unique to LAWN. If you can get to a website from a regular campus network, then there shouldn't be any difference on eduroam, and I can guarantee you that gmail.com is not blocked.

I sent you an email directly so that you can provide me with some more user-specific info. With that I can look just to make sure there aren't any other LAWN-specific issues with this user.

jsantillo3

Posted:November 20, 2018, 11:33 am

Is there any way to make servers I host here available publicly, i.e., off of the GT/eduroam networks?

jsmith457

Posted:November 20, 2018, 12:43 pm

@jsantillo3 LAWN offers an 'ISS Disabled' option that will not place your devices behind a stateful firewall. This would allow anyone on the internet to reach your devices. On eduroam, your device's ISS preference can only be modified by a member of the LAWN team, so you'll need to open a support request with OIT in order to have this setting modified. For other networks such as Wired LAWN and GTother, ISS preference is configurable on device login. Please see the ISS section of the Security page on this website for more info: http://lawn.gatech.edu/security/index.html#iss

This service is provided to authorized
clients only.
Unauthorized access to this service is prohibited.